<!-- Djordje Vukovic -->
<?php

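    /**
     * Turn a value into a single-quoted, escaped MySQL string literal.
     *
     * The value is passed through stripslashes(), escaped with
     * mysql_real_escape_string() and wrapped in single quotes.
     *
     * Numeric-looking input is quoted as well. Emitting it bare (as the
     * is_numeric() shortcut did) makes MySQL compare a text column using
     * numeric coercion instead of string equality, which is not what a
     * credential comparison should rely on. MySQL accepts a quoted literal
     * when comparing against numeric columns, so quoting everything is safe
     * for WHERE-clause comparisons.
     *
     * @param string $value Raw value, typically taken from request data.
     * @return string Escaped value wrapped in single quotes.
     */
    function quote_smart($value)
    {
        // NOTE(review): stripslashes() runs unconditionally, so a legitimate
        // backslash in the input is dropped when magic quotes are off. Left
        // as-is because already stored values may depend on it - confirm.
        $value = stripslashes($value);

        // mysql_real_escape_string() works against the current mysql link, so
        // this must be called after the connection has been opened.
        return "'" . mysql_real_escape_string($value) . "'";
    }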

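    // Login handler: looks up the submitted e-mail/password pair in the
    // `korisnik` table, stores the user id and category in the session and
    // redirects back to the last visited address.
    //
    // NOTE(review): the HTML comment placed before the opening PHP tag is sent
    // as output. Unless output buffering is enabled, session_start() and
    // header() below can fail with "headers already sent".
    session_start();

    // Accept only scalar string fields; a missing or array-valued field is
    // treated as an empty string instead of raising notices further down.
    $username = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    include ('konekcija_sa_bazom.php');

    // NOTE(review): htmlspecialchars() is an HTML output encoder, not a SQL
    // defence; it also changes what is compared (e.g. '&' becomes '&amp;').
    // Kept because stored values may have been written the same way - confirm
    // against the registration code before removing.
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);

    $username = quote_smart($username);
    $password = quote_smart($password);

    // NOTE(review): the submitted password is compared directly with the
    // `sifra` column, which suggests passwords are not stored as salted hashes
    // - confirm, and move to password_hash()/password_verify().
    // NOTE(review): ext/mysql is deprecated; switching to mysqli/PDO prepared
    // statements needs a matching change in konekcija_sa_bazom.php.
    $upit = "SELECT idKorisnik, kategorija FROM korisnik WHERE eposta=$username AND sifra=$password";
    $pronadjen = mysql_query($upit) or die("Greska pri upitu za Korisnik");

    // A successful query is not a successful login: mysql_query() returns a
    // result resource even when no row matches. Only a fetched row counts.
    $red = $pronadjen ? mysql_fetch_array($pronadjen) : false;

    if ($red)
    {
        // Issue a fresh session id on privilege change (session fixation).
        session_regenerate_id(true);

        $id = $red['idKorisnik'];
        $tip = $red['kategorija'];
        $_SESSION['id'] = $id;
        $_SESSION['tip'] = $tip;

        // NOTE(review): 'poslednja_adresa' is set elsewhere; if it is derived
        // from request data it should be restricted to local paths before
        // being used as a redirect target.
        $idi_na = isset($_SESSION['poslednja_adresa']) ? $_SESSION['poslednja_adresa'] : '';

        // Strict comparison: a '?' at offset 0 is still a match.
        $separator = (strpos($idi_na, '?') !== false) ? '&' : '?';
        header('Location: ' . $idi_na . $separator . 'tip=' . urlencode($tip));
        exit;
    }
    else
    {
        $_SESSION['tip'] = 'N';
        echo 'Nije pronadje korisnik';
    }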


?>
